QUESTION 73Note: This question is part of a series of questions that use the same or similar answer choices. An answer choice may be correct for more than one question in the series. Each question is independent of the other questions in this series. Information and details provided in a question apply only to that question.Your network contains an Active Directory domain named contoso.com.The domain contains a domain controller named DC1 that runs Windows Server 2016.You need to create a snapshot of the Active Directory database on DC1.Which tool should you use?

QUESTION 74Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your network contains an Active Directory domain named contoso.com.The domain contains a server named Server1 that runs Windows Server 2016.The Computer account for Server1 is in organizational unit (OU) named OU1.You create a Group Policy object (GPO) named GPO1 and link GPO1 to OU1.You need to add a domain user named user1 to the local Administrators group on Server1.Solution: From the Computer Configuration node of GPO1, you configure the Restricted Groups settings.Does this meet the goal?

A. YesB. No

Answer: A

QUESTION 75The network contains an Active Directory forest named contoso.com.The forest contains three domain controllers configured as shown in the following table.

The company physically relocates Server2 from the Montreal office to the Seattle office.You discover that both Server1 and Server2 authenticate users who sign in to the client computers in the Montreal office. Only Server3 authenticates users who sign in to the computers in the Seattle office.You need to ensure that Server2 authenticates the users in the Seattle office during normal network operations.What should you do?

A. From Windows PowerShell, run the Set-ADReplicationSite cmdlet.B. From Active Directory Users and Computers, modify the Location Property of Server2.C. From Network Connections on Server2, modify the Internet Protocol Version 4 (TCP/IPv4) configuration.D. From Windows PowerShell, run the Move-ADDirectoryServer cmdlet.

Answer: A

QUESTION 76You have an enterprise certification authority (CA).You create a global security group named Group1.You need to provide members of Group1 with the ability to issue and manage certificates.The solution must prevent the Group1 members from managing certificates requested by members of the Domain Admins group.Which two actions should you perform? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point.

A. From the CA properties, modify the Policy Module settings.B. From the Certificate Templates console, modify the Security settings of the Administrator certificate template.C. From the CA properties, modify the security settings.D. From the CA properties, modify the Enrollment Agents settings.E. From the CA properties, modify the Certificate Managers Settings.F. From the Certificate Templates console, modify the Security settings of the User certificate template.

Answer: AE

QUESTION 77Your network contains an Active Directory domain named contoso.com.The domain contains a web application that uses Kerberos authentication.You change the domain name of the web application.You need to ensure that the service principal name (SPN) for the application is registered.Which tool should you use?

A. RdspnfB. Active Directory Users and ComputersC. DnscmdD. Ldifde

Answer: B

QUESTION 78Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have a server named Web1 that runs Windows Server 2016.You need to list all the SSL certificates on Web1 that will expire during the next 60 days.Solution: You run the following command.

Does this meet the goal?

A. YesB. No

Answer: B

QUESTION 79Your network contains an Active Directory domain named contoso.com.The domain contains a server named Server1 that runs Windows Server 2016.Server1 has IP Address Management (IPAM) installed. IPAM is configured to use the Group Policy based provisioning method. The prefix for the IPAM Group Policy objects (GPOs) is IP.From Group Policy Management, you manually rename the IPAM GPOs to have a prefix of IPAM.You need to modify the GPO prefix used by IPAM.What should you do?

Answer: BExplanation:The Set-IpamConfiguration cmdlet modifies the configuration for the computer that runs the IPAM server.The -GpoPrefix<String> parameter specifies the unique Group Policy object (GPO) prefix name that IPAM uses to create the group policy objects. Use this parameter only when the value of the ProvisioningMethod parameter is set to Automatic.References: https://technet.microsoft.com/en-us/library/jj590816.aspx

QUESTION 80Your network contains an Active Directory domain named contoso.com.You open Group Policy Management as shown in the exhibit. (Click the Exhibit button.)

You discover that some of the settings configured in the A1 Group Policy object (GPO) fail to apply to the users in the OU1 organizational unit (OU).You need to ensure that all of the settings in A1 apply to the users in OU1.What should you do?

QUESTION 82Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have a server named Web1 that runs Windows Server 2016.You need to list all the SSL certificates on Web1 that will expire during the next 60 days.Solution: You run the following command.Get-ChildItem Cert:\LocalMachine\Trust |? { $_.NotAfter ­It (Get-Date).AddDays( 60 ) }Does this meet the goal?

A. YesB. No

Answer: A

QUESTION 83Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1 and a domain controller named DC1. Both servers run Windows Server 2016. Server1 is used to perform administrative tasks, including managing Group Polices.After maintenance is performed on DC1, you open a Group Policy object (GPO) from Server1 as shown in the exhibit.

You need to be able to view all of the Administrative Templates settings in GPO1.What should you do?

A. From File Explorer, copy the administrative templates from \\contoso.com\SYSVOL\contoso.com\Policies to the PolicyDefinitions folder on Server1.B. From File Explorer, delete\\contoso.com\SYSVOL\contoso.com\Policies\PolicyDefinitions.C. From File Explorer, delete the PolicyDefinitions folder from Server1.D. From Group Policy Management, configure WMI Filtering for GPO1.